Mining alarm clusters to improve alarm handling efficiency

Author: K. Julisch

DOI: 10.1109/ACSAC.2001.991517

Keywords:

Abstract: It is a well-known problem that intrusion detection systems overload their human operators by triggering thousands of alarms per day. As a matter of fact, IBM Research's Zurich Research Laboratory has been asked by one of our service divisions to help them deal with this problem. This paper presents the results of this research, validated thanks to a large set of operational data. We show that alarms should be managed by identifying and resolving their root causes. Alarm clustering is introduced as a method that supports the discovery of root causes. The general alarm clustering problem is proved to be NP-complete, an approximation algorithm is proposed, and experiments are presented.
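The abstract describes alarm clustering as a way to surface root causes but does not spell out the algorithm. The Python below is an added illustration, not code from the paper or from IBM: it clusters IDS alarms by greedily generalizing attribute values along hierarchies (host to /24 to /16 to ANY, port number to privileged/unprivileged, signature to attack class), in the spirit of the attribute-oriented induction work cited in the reference list (Cercone, Han, Cai). The hierarchies, the sample alarms, the minimum cluster size and the tie-breaking heuristic (generalize whichever attribute currently has the most distinct values) are all assumptions made for this example. Because the greedy choice can over-generalize (a cluster's source may end up as a /24 even when a single host caused it), each reported pattern should be read as a hypothesis to verify against the raw alarms, not as the root cause itself.

```python
"""Greedy alarm clustering by attribute generalization (added illustration)."""
from collections import Counter

ATTRS = ("src", "dst", "port", "sig")

# --- Constructed generalization hierarchies (assumptions for this example) ---
# Signature hierarchy: signature -> attack class -> ANY
SIG_PARENT = {
    "dns-version-query": "recon", "dns-zone-xfer": "recon", "portscan": "recon",
    "http-cgi-probe": "web-attack", "http-dir-traversal": "web-attack",
    "ssh-brute": "auth-attack",
}

def gen_ip(v):
    """Generalize one level: a.b.c.d -> a.b.c.* -> a.b.*.* -> ANY."""
    if v == "ANY":
        return "ANY"
    octets = v.split(".")
    stars = octets.count("*")
    if stars >= 2:
        return "ANY"
    octets[3 - stars] = "*"
    return ".".join(octets)

def gen_port(v):
    """Generalize one level: port number -> privileged/unprivileged -> ANY."""
    if isinstance(v, int):
        return "privileged" if v < 1024 else "unprivileged"
    return "ANY"

def gen_sig(v):
    """Generalize one level: signature -> attack class -> ANY."""
    return SIG_PARENT.get(v, "ANY")

GENERALIZE = {"src": gen_ip, "dst": gen_ip, "port": gen_port, "sig": gen_sig}

def generalizes_to(f, value, target):
    """True if repeatedly applying f to value reaches target (ANY is the root)."""
    while True:
        if value == target:
            return True
        if value == "ANY":
            return False
        value = f(value)

def covers(pattern, alarm):
    """A generalized pattern covers an alarm if every attribute generalizes to it."""
    return all(generalizes_to(GENERALIZE[a], alarm[i], pattern[i])
               for i, a in enumerate(ATTRS))

def find_one_cluster(alarms, min_size):
    """Generalize attributes until one generalized alarm covers >= min_size alarms.
    Heuristic (an assumption here): generalize the attribute with the most distinct values."""
    table = Counter(tuple(a[k] for k in ATTRS) for a in alarms)
    while True:
        big = [(t, c) for t, c in table.items() if c >= min_size]
        if big:
            return max(big, key=lambda tc: tc[1])
        distinct = [len({t[i] for t in table}) for i in range(len(ATTRS))]
        i = max(range(len(ATTRS)), key=distinct.__getitem__)
        if distinct[i] <= 1:  # everything is already ANY: nothing left to generalize
            return None
        f = GENERALIZE[ATTRS[i]]
        merged = Counter()
        for t, c in table.items():
            merged[t[:i] + (f(t[i]),) + t[i + 1:]] += c
        table = merged

def cluster_alarms(alarms, min_size):
    """Repeatedly extract the largest generalized cluster and drop the alarms it covers.
    Returns (clusters, unexplained_alarms); clusters are (pattern dict, alarm count)."""
    remaining = list(alarms)
    clusters = []
    while remaining:
        found = find_one_cluster(remaining, min_size)
        if found is None:
            break
        pattern, count = found
        clusters.append((dict(zip(ATTRS, pattern)), count))
        remaining = [a for a in remaining
                     if not covers(pattern, tuple(a[k] for k in ATTRS))]
    return clusters, remaining

# Constructed sample alarms (not operational data): two root causes plus noise.
SAMPLE_ALARMS = (
    # root cause 1: one host querying the DNS version of every server in 10.1.3.0/24
    [{"src": "10.1.2.7", "dst": f"10.1.3.{i}", "port": 53, "sig": "dns-version-query"}
     for i in range(1, 7)]
    # root cause 2: a /24 of clients hitting one web server with two related signatures
    + [{"src": f"192.168.5.{10 + i}", "dst": "10.1.3.20", "port": 80,
        "sig": ["http-cgi-probe", "http-dir-traversal"][i % 2]} for i in range(4)]
    # unrelated singletons that no cluster should absorb
    + [{"src": "172.16.0.9", "dst": "10.1.3.20", "port": 22, "sig": "ssh-brute"},
       {"src": "172.16.0.10", "dst": "10.2.0.5", "port": 3389, "sig": "portscan"},
       {"src": "10.9.9.9", "dst": "10.1.3.1", "port": 53, "sig": "dns-zone-xfer"}]
)

if __name__ == "__main__":
    found, leftover = cluster_alarms(SAMPLE_ALARMS, min_size=4)
    for pattern, count in found:
        print(count, pattern)
    print(len(leftover), "alarms not explained by any cluster")
```

On the sample input the first cluster comes out as src 10.1.2.*, dst 10.1.3.*, port 53, dns-version-query (6 alarms) even though a single host is responsible, because the greedy step generalized the source before the destination; the second is 192.168.5.*, 10.1.3.20, port 80, web-attack (4 alarms); the three singletons remain unexplained. Lowering min_size makes the algorithm generalize less before it stops, raising it makes it generalize more, so the threshold directly trades cluster specificity against coverage.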

References (23)
Joseph L. Hellerstein, Sheng Ma. Mining Event Data for Actionable Patterns. Int. CMG Conference, pp. 307-318 (2000).
Rudy Setiono, Huan Liu. A Probabilistic Approach to Feature Selection: A Filter Solution. International Conference on Machine Learning, pp. 319-327 (1996).
Vern Paxson. Bro: A System for Detecting Network Intruders in Real-Time. Computer Networks, vol. 31, pp. 2435-2463 (1999). DOI: 10.1016/S1389-1286(99)00112-7
Stuart Staniford, James A. Hoagland, Joseph M. McAlerney. Practical Automated Detection of Stealthy Portscans. Journal of Computer Security, vol. 10, pp. 105-136 (2002). DOI: 10.3233/JCS-2002-101-205
Nick Cercone, Jiawei Han, Yandong Cai. Knowledge Discovery in Databases: An Attribute-Oriented Approach. Very Large Data Bases (VLDB), pp. 547-559 (1992).
Mehran Sahami, Daphne Koller. Toward Optimal Feature Selection. International Conference on Machine Learning, pp. 284-292 (1996).
Richard C. Dubes, Anil K. Jain. Algorithms for Clustering Data (1988).
Rakesh Agrawal, Johannes Gehrke, Dimitrios Gunopulos, Prabhakar Raghavan. Automatic Subspace Clustering of High Dimensional Data for Data Mining Applications. Proceedings of the 1998 ACM SIGMOD International Conference on Management of Data (SIGMOD '98), vol. 27, pp. 94-105 (1998). DOI: 10.1145/276304.276314
I. Katzela, M. Schwartz. Schemes for Fault Identification in Communication Networks. IEEE/ACM Transactions on Networking, vol. 3, pp. 753-764 (1995). DOI: 10.1109/90.477721